A Phishing Fix For Facebook?

Facebook caulked a few cracks in its platform today, announcing an
upgrade to its mark-up language.

In a post on its blog for developers,
Facebook called FBML 1.1 "a change that has to do with both
technology and the philosophy behind the Facebook Platform."

Put less euphemistically, FBML 1.1 is a security update, intended to
fight off spam and phishing, which have threatened to become nagging
issues for the social network since it turned over feature
development to third parties in May.

Facebook removed tags from FMBL, such as fb:if-user-has-added-app and other fb-if tags that Facebook said some developers
use to deliver unwanted content to user profile boxes. Facebook added
a new set of tags called fb:visible-to-.

The changes are meant to ensure that users are always aware of
exactly what their profiles looks like to those who view them.

When Facebook CEO Mark Zuckerberg and CTO Adam D'Angelo designed and
built the Facebook platform, the idea was to let third-party
developers do the hard work of creating new features for the site in
the form of applications. By virtue of popularity, users would decide
which applications would become Facebook fixtures.

But Zuckerberg and D'Angelo knew not to trust their users entirely to
third parties so took at least two crucial measures to protect them.
They created their own mark-up language for the site, the Facebook
Mark-up Language (FBML). Second, Facebook gave users control over
which applications should appear in their profiles.

In an Aug. 6 post on one of its official blogs, Facebook was forced
to warn developers that, as the post's title read, "Misleading
Notifications To Users Will Be Blocked."

"Over the last few weeks we have noticed several developers
misleading our users into clicking on links, adding applications and
taking actions," the post reads. "While the majority of developers are doing the right thing and
playing by the rules, a few arent  and are creating spam as a result."

Facebook didn't open access to its users just to let spammers and
identity thieves at them. Opening users to such threats is a good way
to lose the momentum that resulted in what Nielsen//NetRatings called
129 percent growth in unique visits between July 2006 and July 2007.